This article from Bloomberg is so good but is behind a reg wall, so I share it in full here:
Chinese Hackers Compromised Telecom Firms, Researchers Say
ByThe hacking groups waged a campaign across Southeast Asia from 2017 to 2021, in some cases exploiting security vulnerabilities in Microsoft Corp.’s Exchange servers to gain access to telecommunication companies’ internal systems, according to a new report published Tuesday by U.S.-based security firm Cybereason Inc.
“These state-sponsored espionage operations not only negatively impact the telcos’ customers and business partners, they also have the potential to threaten the national security of countries in the region and those who have a vested interest in the region’s stability,” Div said.
The Chinese Foreign Ministry said Wednesday that the report “hypes political rumors” created by the U.S. and its allies and are “fabricated out of nothing.” The ministry also urged relevant American security companies to “pay more attention to cyberattacks by U.S. government hackers against China and other countries.”
Div declined to name specific companies or countries where the hackers carried out their intrusions, though the report said they targeted telecommunications providers in some Southeast Asian nations that had long-standing disputes with China. It also pointed to older research from the cybersecurity firm Check Point Software Technologies Ltd. that found one of the hacking groups had previously targeted government foreign affairs, science and technology ministries, as well as government-owned companies in countries including Indonesia, Vietnam and the Philippines.
The hackers’ intent was likely to obtain information about corporations, political figures, government officials, law enforcement agencies, political activists and dissident factions of interest to the Chinese government, according to Cybereason’s researchers. However, the hackers also had the ability to shut down or disrupt the networks if they chose to shift their priority from espionage to interference, the security firm concluded.
Cybereason found the hackers to be “highly sophisticated and adaptive,” continuously evading security measures. One of the groups was observed hiding its malicious software in computers’ recycle bin folders. Another group disguised itself within anti-virus software and also used a South Korean multimedia player called “PotPlayer” to infect computers with a keylogger that recorded what they were typing.
In some cases, the hackers accessed the telecommunication networks by breaking in through security weaknesses in Microsoft’s Exchange Servers. Hackers affiliated with the group known as Soft Cell were exploiting some of the vulnerabilities at least three months before Microsoft publicly disclosed them in March 2021, according to Cybereason.
The security firm’s findings follow allegations by the U.S. and U.K. governments, which on July 19 blamed actors affiliated with the Chinese government for a series of global hacks on Microsoft Exchange servers. “The Chinese Government must end this systematic cyber sabotage and can expect to be held account if it does not,” U.K. Foreign Secretary Dominic Raab said in a statement.
— With assistance by Lucille Liu